{{short description|Anomaly in computer security and programming}}
[[File:Buffer overflow basicexample.svg|thumb|Visualization of a software buffer overflow. Data is written into A, but is too large to fit within A, so it ''overflows'' into B.]]
In [[computer programming|programming]] and [[information security]], a '''buffer overflow''' or '''buffer overrun''' is an [[anomaly in software|anomaly]] whereby a [[computer program|program]] writes [[Data (computing)|data]] to a [[Data buffer|buffer]] beyond the buffer's [[Memory allocation|allocated memory]], overwriting adjacent [[Main memory|memory]] locations.

Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs; if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, then an anomalous transaction that produces more data could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including [[Memory fault|memory access errors]], incorrect results, and [[crash (computing)|crashes]].

Exploiting the behavior of a buffer overflow is a well-known [[security exploit]]. On many systems, the memory layout of a program, or the system as a whole, is well defined. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold [[execution (computing)|executable code]] and replace it with [[malicious code]], or to selectively overwrite data pertaining to the program's state, therefore causing behavior that was not intended by the original programmer. Buffers are widespread in [[operating system]] (OS) code, so it is possible to make attacks that perform [[privilege escalation]] and gain unlimited access to the computer's resources. The famed [[Morris worm]] in 1988 used this as one of its attack techniques.

[[Programming language]]s commonly associated with buffer overflows include [[C (programming language)|C]] and [[C++]], which provide no built-in protection against accessing or overwriting data in any part of memory and do not automatically check that data written to an [[Array data structure|array]] (the built-in buffer type) is within the boundaries of that array. [[Bounds checking]] can prevent buffer overflows, but requires additional code and processing time. Modern operating systems use a variety of techniques to combat malicious buffer overflows, notably by [[Address space layout randomization|randomizing the layout of memory]], or deliberately leaving space between buffers and looking for actions that write into those areas ("[[Buffer overflow protection#Canaries|canaries]]").
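
The layout from the figure (a buffer A followed directly by B) and the effect of a bounds check, shown as an added C example that is not part of the article. The struct, the function names and the starting value of B are constructed for illustration, and the adjacent memory is modelled inside one struct so the program stays well defined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: 8-byte buffer A directly followed by 2-byte value B.
   One struct of byte arrays, so there is no padding between them. */
struct region {
    char a[8];
    unsigned char b[2];
};

/* Unchecked: the copy length comes only from the input, never from A's size. */
static void unchecked_copy(struct region *r, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof *r)
        n = sizeof *r;            /* demo-only cap so the write stays in the model */
    memcpy((char *)r, src, n);    /* bytes past a[7] land in b */
}

/* Bounds-checked: refuse input that does not fit in A, terminator included. */
static int checked_copy(struct region *r, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof r->a)
        return -1;
    memcpy(r->a, src, n);
    return 0;
}

/* Returns B (decoded little-endian) after copying input with or without the check. */
unsigned run_copy(const char *input, int use_check) {
    struct region r = { {0}, {0xBB, 0x07} };   /* B starts as 1979 */
    if (use_check)
        (void)checked_copy(&r, input);
    else
        unchecked_copy(&r, input);
    return (unsigned)r.b[0] | ((unsigned)r.b[1] << 8);
}

int main(void) {
    printf("unchecked, 10-byte input: B = %u\n", run_copy("excessive", 0));
    printf("checked,   10-byte input: B = %u\n", run_copy("excessive", 1));
    printf("unchecked,  6-byte input: B = %u\n", run_copy("short", 0));
    return 0;
}
```

The 10-byte input (nine characters plus the terminator) is two bytes larger than A, so the unchecked copy replaces both bytes of B, while the checked copy rejects the input and leaves B intact.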